Amendment to the Claims

This listing of claims replaces all prior versions, and 
listings, of claims in the application: 

1. (Currently Amended) A machine-implemented method,
comprising:

obtaining policy rules, and simplifying said policy rules
at least to remove duplicate policy rules and to form simplified
policy rules, wherein a policy rule comprises one or more
conditions and one or more values associated with the one or
more conditions, the one or more conditions to be evaluated for
network communications based on the one or more values, and said
simplifying comprises eliminating at least one of any redundant
conditions and values from the policy rule based at least in
part on condition-type information of the one or more
conditions; and

based on said simplified policy rules, creating an access 
control list adapted to configure a network device; and 

using the access control list to generate access filters 
that configure the network device to control network 
communications in the network device.

2. (Previously Presented) The method of claim 1 further
comprising expanding the policy rules into value groups that
represent conditions occurring in the network device associated
with the policy rules.

3. (Previously Presented) The method of claim 2 wherein 
said simplifying comprises excluding conditions that would 
otherwise be implied by policy rules. 

4. (Original) The method of claim 3 further comprising
resolving inconsistent conditions that result from expanding the 
policy rules and excluding the policy rule conditions. 

5. (Original) The method of claim 1 further comprising 
creating at least one array of included or excluded conditions 
from the policy rules. 

6. (Previously Presented) The method of claim 5 wherein 
generating the access filters further comprises: 

adding filters adapted to control access of a device to a 
component other than the network device in the network connected 
to the network device. 

7. (Original) The method of claim 6 further comprising
generating deny filters by combining the at least one array of
excluded conditions and the at least one array of included
conditions.

8. (Original) The method of claim 6 further comprising
generating permit filters by combining the at least one of the
arrays of the included conditions with the remaining arrays of
included conditions.

9. (Currently Amended) A system computer network; 
comprising: 

a first device adapted to disseminate policy rules in the a 
network; and 

a second device adapted to receive the policy rules 
disseminated on the network by the first device and adapted to 
perform operations comprising:

simplifying said policy rules at least to remove
duplicate policy rules and to form simplified policy rules,
wherein a policy rule comprises one or more conditions and
one or more values associated with the one or more
conditions, the one or more conditions to be evaluated for
network communications based on the one or more values, and
said simplifying comprises eliminating at least one of any
redundant conditions and values from the policy rule based
at least in part on condition-type information of the one or
more conditions;

based on said simplified policy rules, creating[[e]] an
access control list adapted to configure a network the at
least one device from the filters; and

fee— using[[e]] the access control list to generate
access filters that configure the network device to control
network communications in the network device from the
translated policies.

10. (Original) The system of claim 9 wherein the second 
device further comprises a permit filter. 

11. (Original) The system of claim 10 further comprising a
plurality of data-storage devices adapted to permit access to
the second device. 

12. (Original) The system of claim 9 wherein the second 
device further comprises a deny filter. 

13. (Original) The system of claim 12 further comprising a
plurality of data-storage devices adapted to deny access to the
second device. 

14. (Currently Amended) An article comprising a computer- 
readable medium which stores computer executable instructions 
for managing policy rules on a network, the instructions causing 
a computing[[er]] machine to perform operations comprising:

simplifying said policy rules at least to remove
duplicate policy rules and to form simplified policy rules,
wherein a policy rule comprises one or more conditions and
one or more values associated with the one or more
conditions, the one or more conditions to be evaluated for
network communications based on the one or more values, and
said simplifying comprises eliminating at least one of any
redundant conditions and values from the policy rule based
at least in part on condition-type information of the one or
more conditions;

based on said simplified policy rules, creating[[e]] an
access control list adapted to configure a network device
the devices from the simplified rules; and

using[[e]] the access control list to generate access
filters that configure the network device to control network
communications in the network device.

15. (Currently Amended) The article of claim 14 wherein
the operations further comprising instructions to expanding the
policy rules into value groups, wherein value groups represent 
conditions occurring in the network device associated with the 
policy rules. 

16. (Currently Amended) The article of claim 15 wherein
the instructions to translate the policy rules simplifying
further includes instructions to excluding[[e]] conditions that
would otherwise be implied by the policy rules. 

17. (Currently Amended) The article of claim 16 wherein
the instructions to translate the policy rules simplifying
further includes instructions to resolving[[e]] inconsistent
conditions that result from expanding the policy rules and 
excluding the policy rule conditions. 

18. (Currently Amended) A network device, comprising:

a configurable management process located on the network
device having instructions to effect operations comprising:

receiving[[e]] fefee policy rules in e -the network
device;

translating[[e]] e the policy rules into a set of
simplified rule B at least removing duplicate parts of said
rules to form said simplified rules, wherein a policy rule
comprises one or more conditions and one or more values
associated with the one or more conditions, the one or more
conditions to be evaluated for network communications based
on the one or more values, and said translating comprises
eliminating at least one of any redundant conditions and
values from the policy rule based at least in part on
condition-type information of the one or more conditions;

creating[[e]] an access control list adapted to
configure the network device from the simplified rules; and

using[[e]] the access control list to generate access
filters that configure the network device to control network
communications in the network device.

19. (Original) The device of claim 18 further comprising a
connection to an external network. 

20. (Original) The device of claim 19 wherein the external
network is a local area network.



21. (Original) The device of claim 19 wherein the external 
network is the Internet. 



22-24. (Cancelled) 